Rede Itaú for WooCommerce — Payment PIX, Credit Card and...

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clearOrderLogs() function in all versions up to, and including, 5.1.2. This makes it possible for unauthenticated attackers to delete the Rede Order Logs metadata from all WooCommerce orders.

Basic Information

ID CVE-2026-0942

Source Wordfence

Published Jan 16, 2026 at 06:43

Affected Product

Vendor linknacional

Product Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit

Version *

Affected Versions linknacional Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit *

CWE Classification

CWE-306

References

{
    "lastseen": "",
    "description": "The Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clearOrderLogs() function in all versions up to, and including, 5.1.2. This makes it possible for unauthenticated attackers to delete the Rede Order Logs metadata from all WooCommerce orders.",
    "published": "2026-01-16T06:43:20.555Z",
    "modified": "2026-01-16T06:43:20.555Z",
    "type": "cve",
    "title": "Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit <= 5.1.2 - Missing Authorization to Unauthenticated Rede Order Logs Deletion",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4927c060-f2b2-4916-b049-1442bba63e98?source=cve\nhttps://plugins.trac.wordpress.org/browser/woo-rede/tags/5.1.2/Includes/LknIntegrationRedeForWoocommerceWcEndpoint.php#L42\nhttps://plugins.trac.wordpress.org/browser/woo-rede/tags/5.1.2/Includes/LknIntegrationRedeForWoocommerceWcEndpoint.php#L58",
    "id": "CVE-2026-0942",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "linknacional Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit",
    "version": "*",
    "vendor": "linknacional",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.2 - Missing Authorization to Unauthenticated Rede Order Logs Deletion_CVE-2026-0942